blog-audio
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess calls to manage its environment and perform audio conversion. In
scripts/generate_audio.py,ffmpegis called to convert WAV files to MP3 using hardcoded parameters and controlled file paths. Inscripts/setup_environment.pyandscripts/run.py, subprocess is used to manage the Python virtual environment and install packages. These operations are standard for the skill's architecture and do not exhibit command injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill downloads Python dependencies from PyPI. It employs a
requirements.lockfile with SHA-256 hashes for all packages (e.g.,google-genai,pydantic,cryptography), ensuring that only verified, untampered code is installed in the local environment. - [DATA_EXFILTRATION]: The skill communicates with official Google API endpoints via the
google-genaiSDK. This is the intended behavior for text-to-speech generation. It correctly handles the API key via environment variables and does not transmit sensitive local files to untrusted domains. - [PROMPT_INJECTION]: The skill processes user-provided blog content for narration. While this creates a surface for indirect prompt injection (narrating malicious text), the impact is confined to the generated audio output and does not grant the attacker unauthorized capabilities.
Audit Metadata